package security.controller;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import security.vo.User;

import java.util.ArrayList;
import java.util.List;

@RestController
@Slf4j
public class TestController {

    // 不需要验证的接口
    @RequestMapping("/test")
    public String test1(){
        return "security test 5   不需要验证的接口";
    }

    // 不需要验证的接口
    @RequestMapping("/test/test4")
    public String test4(){
        return "security test 4   不需要验证的接口";
    }

    // 登录成功后才能访问的接口
    @RequestMapping("/test/index")
    public String index(){
        return "hello index    登录成功后才能访问的接口";
    }


    // ==================================
    @RequestMapping("/update")
    @Secured({"ROLE_admin","ROLE_user"})
    public String update(){
        return "security test 5  update  需要验证的接口";
    }

    @RequestMapping("/delete")
    @Secured({"ROLE_delete"})
    public String delete(){
        return "security test 5  delete  需要验证的接口";
    }

    // =================================
    @RequestMapping("/updateBefore")
    //@PreAuthorize("hasRole('ROLE_admin')")
    //@PreAuthorize("hasAnyRole('ROLE_admin','ROLE_user')")
    //@PreAuthorize("hasAuthority('admin')")
    @PreAuthorize("hasAnyAuthority('admin','update')") // 注意单引号
    public String updateBefore(){
        return "security test 5  updateBefore  需要验证的接口";
    }


    // =================================
    @RequestMapping("/updateAfter")
    @PostAuthorize("hasAnyRole('ROLE_update')") // 未配置 ROLE_update 权限
    public String updateAfter(){
        log.info("=== 进入当前 updateAfter ====");
        return "security test 5  updateAfter  需要验证的接口";
    }


    // =================================
    @RequestMapping("/postFilter")
    @PreAuthorize("hasAnyAuthority('admin','update')") // 注意单引号
    @PostFilter("filterObject.username == 'xiangjiao'") // 针对返回数据做过滤
    public List<User> postFilter(){
        log.info("=== 进入当前 postFilter ====");
        List<User> userLists = new ArrayList<>();
        userLists.add(new User(1,"xiangjiao","bunana",1,0));
        userLists.add(new User(2,"xiangjiao2","bunana2",1,0));
        return userLists;
    }

    // =================================
    @PostMapping("/preFilter")
    @PreAuthorize("hasAnyAuthority('admin','update')") // 注意单引号
    @PreFilter("filterObject.id % 2 == 0") // id为偶数才能请求
    public String preFilter(@RequestBody List<User> userLists){
        log.info("=== 进入当前 preFilter ====");
        log.info(userLists.toString());
        return "security test 5  preFilter  需要验证的接口";
    }
}
